AML Policy
Last updated: February 2026
Terms and conditions for using Uptex services
Last updated: February 2026
AML/CFT Policy for Uptex
20 February 2026
Purpose and Scope
Uptex is committed to the highest standards of compliance in Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT). As a licensed neobank in Oman (operating with no physical branches or cash services) and a registered Money Service Business (MSB) in Canada, Uptex provides digital multi-currency banking, international funds transfers, and related financial services. This AML/CFT Policy establishes the framework to prevent, detect, and report money laundering, terrorist financing, and other illicit financial activities across all of Uptex's operations. It applies to all business lines (including digital banking and securities services) and to all employees, officers, and directors of Uptex. This policy is designed to ensure compliance with applicable laws and regulatory requirements in Oman and Canada, as well as international best practices. In particular, it addresses compliance with:
This policy is designed to ensure compliance with applicable laws and regulatory requirements in Oman and Canada, as well as international best practices. In particular, it addresses compliance with:
Omani Laws & Regulations: Royal Decree No. 30/2016 (Oman's Law on Combating Money Laundering and Terrorism Financing) and its mandates on customer due diligence, record-keeping, and suspicious transaction reporting. It also satisfies the requirements of the Central Bank of Oman (CBO) for licensed banks and the Capital Market Authority (CMA) guidelines for securities firms. Uptex's banking license obligates full adherence to Oman's Banking Law and AML Law.
Canadian Laws & Regulations: The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations, as enforced by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). This includes all MSB obligations on registration, customer identification and verification, beneficial ownership identification, record-keeping, large transaction reporting, suspicious transaction reporting, and sanctions compliance. Uptex meets FINTRAC's requirements and guidelines for its Canadian operations.
International Standards: Uptex aligns its program with the Financial Action Task Force (FATF) 40 Recommendations on AML/CFT. A risk-based approach is implemented as mandated by FATF and required by both Omani and Canadian regulations. Uptex also enforces United Nations Security Council sanctions and relevant international conventions, including measures against terrorist financing and proliferation financing, in line with global best practices.
Governance and Oversight
Tone at the Top: Uptex's Board of Directors and senior management lead a strong culture of compliance with zero tolerance for financial crime. The Board approves this AML/CFT Policy and oversees its implementation. At least annually (or upon significant regulatory changes), the Board and senior management review the effectiveness of the AML/CFT program and risk assessment, ensuring that adequate resources and support are provided for compliance. They set the "tone at the top" that compliance is an organizational priority.
Money Laundering Reporting Officer (MLRO): Uptex has appointed a qualified MLRO (with a Deputy MLRO) who is responsible for day-to-day oversight of AML/CFT compliance. The MLRO has full authority and independence to implement this policy's controls, monitor compliance, and report suspicious activities to the relevant authorities. The MLRO provides regular reports to the Board on AML/CFT matters, including the results of risk assessments and any significant compliance issues. The MLRO also coordinates group-wide compliance efforts, liaising with regulators in each jurisdiction. The MLRO and his/her team are empowered to escalate issues and have unfettered access to all information necessary to perform their duties.
Employee Responsibilities: All Uptex employees, contractors, and officers are expected to adhere to this AML/CFT Policy and supporting procedures. Every staff member is trained to be vigilant for potential money laundering or terrorist financing red flags. Front-line customer-facing staff and operations personnel must perform proper customer due diligence and are required to promptly escalate any unusual or suspicious activity to the MLRO. Compliance and risk management staff provide guidance and monitor business activities to ensure adherence. Wilful blindness or deliberate non-compliance by any employee is not tolerated; any staff found violating AML/CFT requirements or ignoring suspicious indicators will face disciplinary action and potential legal consequences.
Internal Controls: Uptex maintains robust internal controls and governance mechanisms to ensure ongoing AML/CFT compliance. This includes clear policies and procedures, segregation of duties to prevent conflicts of interest, dual-control checks for high-risk processes or transactions, and strict system access controls to sensitive data. An AML/CFT Compliance Program Charter governs the roles, responsibilities, and reporting lines for compliance staff. Uptex employs technology tools (such as automated transaction monitoring and screening systems) alongside human oversight to enforce controls. Importantly, the AML/CFT program is subject to independent audit and testing on a periodic basis (see Independent Audit and Review section), to evaluate the effectiveness of controls and identify any areas for improvement. Findings from audits or regulatory inspections are reported to senior management and the Board, and corrective actions are tracked to completion.
Risk-Based Approach (RBA)
Uptex employs a Risk-Based Approach to AML/CFT compliance. In line with FATF guidance and Article 12 of Oman's AML Law (and equivalent Canadian regulatory expectations), Uptex focuses greater attention and resources on areas of higher risk while maintaining minimum standards across all areas. The intensity of customer due diligence, monitoring, and controls is commensurate with the level of risk identified. Key elements of our RBA include:
Enterprise Risk Assessment: We regularly conduct comprehensive institutional risk assessments to identify and evaluate money laundering and terrorist financing risks inherent in our products, services, customer types, delivery channels, and geographic areas of operation. Given Uptex's offerings (multi-currency accounts, cross-border transfers, digital brokerage) and international reach, particular focus is placed on cross-border exposure and customers from jurisdictions with higher risk. The enterprise-wide risk assessment is documented and approved by senior management and the Board. It is updated at least annually, or sooner if there are major changes to our business or emerging threats, to ensure our understanding of risk remains current.
Risk Mitigation: We deploy controls proportionate to the risks identified. Higher-risk customers and transactions receive enhanced scrutiny and stricter controls, whereas lower-risk scenarios may qualify for reduced measures as permitted by law (for example, simplified due diligence for very low-risk cases, where applicable). For instance, a customer with a complex corporate structure or connections to a country with weak AML controls will be subjected to enhanced due diligence and monitoring (see the EDD section), whereas a low-value account for a salaried local resident might undergo standard due diligence. In all cases, we meet at least the baseline regulatory requirements, and for elevated risks we go well beyond the minimum.
Customer Risk Segmentation: Uptex categorizes its customers by type and risk profile to tailor our due diligence appropriately. We differentiate among retail individual customers, small and medium-sized enterprises (SMEs), and high-net-worth individuals (HNWIs), among others. Each segment presents distinct risk characteristics. For example, HNWIs may conduct larger or more complex transactions and thus require deeper scrutiny of source of wealth and more frequent monitoring; SME clients require verification of business activities and identification of all principals/beneficial owners, as their ownership structures can introduce risk; retail individuals encompass a wide range (from low-risk local salary earners to higher-risk non-residents or politically exposed persons) and are assessed accordingly. By segmenting customer risk, Uptex ensures that higher-risk client types (such as non-resident accounts, PEPs, or clients in cash-intensive industries) are identified at onboarding and subject to appropriate enhanced measures, while lower-risk customers are handled efficiently without compromising compliance.
Documentation and Review: All risk assessment processes, methodologies, and findings are thoroughly documented. The results of our enterprise risk assessments feed directly into refining policies, controls, and training programs. Senior management and the Board review the risk assessment outcomes and ensure that any gaps are addressed promptly. The risk assessment and risk-based approach methodology itself is reviewed periodically (at least once a year) and updated as needed to reflect new products, changes in regulations, emerging typologies of financial crime, or shifts in the threat environment. This iterative process of review and improvement helps Uptex's AML/CFT program remain dynamic and responsive to new risks.
Customer Due Diligence (CDD)
Uptex implements rigorous Customer Due Diligence measures for all customers - whether individuals or business entities - in compliance with Omani and Canadian requirements and in line with international standards. No account or transaction is opened or executed without the required due diligence. Our CDD measures include:
Customer Identification and Verification: We identify each customer and verify their identity using reliable, independent source documents, data, or information. This includes obtaining and authenticating government-issued identification (e.g. national ID card, passport, or residency permit for individuals), and for businesses, verifying incorporation documents and business licenses. Uptex employs secure digital KYC processes to facilitate identification, including the integration of Sumsub's identity verification platform. Through Sumsub, we authenticate identity documents (checking security features, validity, etc.) and perform biometric verification (such as selfie liveness checks) to ensure the person presenting the ID is the legitimate holder. This electronic KYC process allows Uptex to confidently onboard customers remotely while preventing anonymous or fictitious accounts.
Beneficial Ownership: For customers that are legal entities (e.g. companies, partnerships, organizations), we identify and take reasonable measures to verify the ultimate beneficial owners (UBOs) - the natural persons who ultimately own or control the entity. Uptex looks through complex ownership structures to determine any individual owning 25% or more of the entity's capital or controlling it (or a lower threshold if required by law or risk considerations). We document these owners and also verify their identities. We leverage tools (including Sumsub's corporate KYC/UBO verification modules) to streamline the collection of official corporate records and ownership information. All identified UBOs are screened just like individual customers (for sanctions, PEP status, etc.), ensuring that we know who the true principals are behind each corporate client.
Purpose and Nature of Relationship: Uptex gathers information on the intended purpose of the account or business relationship and the anticipated nature of the customer's activities. During onboarding, customers are asked about the purpose of opening the account or using our services - for example, personal savings, salary payments, investment trading via our brokerage service, international remittances for family support, business transactions, etc. We also record the customer's basic profile such as occupation or line of business, expected source of funds and income, and expected transactional behavior. This information establishes a baseline against which we can later monitor account activity for consistency or anomalies. Understanding why the customer is using Uptex and what types of transactions they expect to conduct is a key component of effective due diligence.
Risk Profiling (Initial and Ongoing): Based on the CDD information collected, Uptex assigns each customer a preliminary risk rating (for example, Low, Medium, or High risk). Factors influencing the risk rating include the customer's profile (residency, occupation, PEP status, etc.), product/services used, transaction volumes, geographic exposure, and any other risk indicators. Customers deemed higher-risk - such as non-resident clients, those with complex ownership structures or unclear source of funds, those from high-risk countries, or PEPs - are subject to Enhanced Due Diligence measures (see next section) and are flagged for more frequent review. All customers, regardless of risk level, are subject to ongoing monitoring to ensure their risk profile remains up-to-date. If a customer's behavior or external risk environment changes (e.g. new adverse media, change in business activity), their risk rating may be adjusted and controls stepped up accordingly.
Timing of CDD: Full CDD (identification, verification, and risk profiling) is completed prior to opening any account or establishing a business relationship. Uptex's policy is not to provide financial services until all requisite customer information and documents have been obtained and verified to our satisfaction. In limited circumstances allowed by law (for instance, certain non-face-to-face onboarding scenarios), if any aspect of verification must be completed after account opening, it must occur as soon as possible, and interim measures are put in place to closely monitor the account for suspicious activity until verification is finalized. Additionally, for any occasional (one-off) transaction by a customer who does not have an account with us, we will perform full CDD when the transaction exceeds applicable regulatory thresholds (for example, over OMR 4,000 in Oman, or CAD 1,000 in Canada, in line with local laws). In practice, Uptex's digital model generally requires customers to register and undergo CDD before transacting, thereby minimizing any scenario of delayed due diligence.
Failure to Complete CDD: If a prospective customer refuses to provide information or documents required for identification, or if we cannot verify the customer's identity or source of funds to a satisfactory level, Uptex will not onboard the customer or carry out the transaction. In such cases, we terminate the onboarding process and, if warranted, consider whether a suspicious transaction report (STR) should be filed (e.g., if the refusal or inability to verify gives rise to suspicion of illegitimate intent). For existing customers, if they become uncooperative or fail to provide updated information during periodic refresh of KYC details, Uptex will consider restricting or eventually terminating the business relationship, subject to regulatory guidance. Any decision to exit a customer for non-compliance with CDD requirements will be escalated to the MLRO and documented. Throughout, staff are mindful not to tip off the customer (see STR Reporting section) if a suspicious report is going to be made.
Enhanced Due Diligence (EDD) for Higher-Risk Customers
For customers or scenarios that present higher risk, Uptex applies Enhanced Due Diligence measures above and beyond the standard CDD. Customers may be classified as high-risk based on factors such as their risk rating, background, or activity. Common examples of high-risk situations include: customers with large and unusual transaction volumes, clients from countries known for high corruption or inadequate AML controls, customers involved in cash-intensive businesses, those with complex or opaque ownership structures, and any politically exposed persons (PEPs) or their close associates/family members. In these cases, additional scrutiny and safeguards are implemented to mitigate the elevated risk. Our EDD measures include:
Senior Management Approval: Establishing or continuing a business relationship with a high-risk customer requires approval from senior management. For instance, if a customer is identified as a PEP or has other significant risk indicators, compliance officers/MLRO will prepare an assessment and seek sign-off from a senior executive (and if particularly sensitive, notification to the Board of Directors). This ensures that the highest levels of management are aware of and accountable for the risks that the institution may be exposed to with such relationships. Without such approval, the account will not be opened or may be subject to closure if already opened.
Source of Funds and Source of Wealth Verification: Uptex takes proactive steps to establish and validate the source of funds and, where applicable, the broader source of wealth for high-risk customers. This means we seek to understand how the customer acquired the money involved in the transactions or account (source of funds) and how the customer obtained their overall wealth or net worth (source of wealth). Documentation may be requested as evidence, such as salary slips or employment contracts for wage income, bank statements or business invoices for business income, sale agreements for property sales, inheritance documents, investment portfolios, etc. By verifying that a high-risk customer's funds and wealth are legitimate and consistent with their profile, we reduce the likelihood that illicit money is entering our bank.
More Frequent KYC Reviews: High-risk customer profiles are reviewed and refreshed more frequently than standard customers. While low-risk customers might be asked to update their KYC information every few years, high-risk accounts undergo a review at least annually (or even more often if deemed necessary). In these reviews, we confirm that identification documents are up to date, re-check beneficial ownership (for entities), and screen for any new adverse information (such as negative news or changes in PEP status). Additionally, any material changes in a high-risk customer's situation - for example, a change in ownership of a company, a significant shift in account activity, or new derogatory information - triggers an immediate re-assessment and update of the due diligence file, rather than waiting for the periodic review cycle.
Enhanced Transaction Monitoring: Transactions involving high-risk customers are subject to more stringent monitoring parameters. Our automated monitoring system is calibrated to apply lower thresholds and more sensitive rules for accounts rated as high-risk. This means that even moderately sized or subtle unusual transactions by these customers will trigger alerts for review. Compliance analysts give priority to investigating alerts on high-risk accounts. For example, for a PEP's account, we may have bespoke rules such as flagging any transaction above a certain low amount, any international wire to a high-risk jurisdiction, or any transaction that doesn't fit the PEP's stated source of wealth. Enhanced monitoring ensures that potentially suspicious activities by higher-risk clients are detected and assessed promptly.
Correspondent Finance and Wire Transfers: Although Uptex is a digital bank without physical branches, it does rely on correspondent banks and payment intermediaries to execute international wire transfers and payments. Prior to establishing any new correspondent banking relationship (i.e. partnering with another bank to clear or transfer funds), Uptex conducts thorough due diligence on the correspondent institution. We ensure the correspondent is a reputable, regulated entity with robust AML controls, and we obtain senior management approval before entering into the relationship. Under no circumstances will Uptex engage in relationships with shell banks (banks that have no physical presence or affiliation with a regulated financial group). In line with international standards and local regulations, Uptex also complies with the "Travel Rule" for wire transfers (FATF Recommendation 16). This means that for cross-border transfers, required originator and beneficiary information travels with the payment message. We include all necessary sender and recipient details with wire transfers as mandated by Omani regulations and Canadian law, ensuring that intermediaries and recipients can identify and screen transaction parties. Any wire transfers involving banks or countries subject to sanctions or embargoes receive heightened scrutiny or are rejected outright per our sanctions policy.
Ongoing Monitoring of Accounts and Transactions
Uptex maintains a continuous monitoring program to detect unusual or potentially suspicious activity across all customer accounts. Monitoring is a core component of our AML/CFT controls, allowing us to spot patterns or transactions that do not fit a customer's profile or that match known typologies of illicit finance. The monitoring framework combines automated tools with human analysis, and is sensitive to the risk level of each customer. Key aspects of our ongoing monitoring include:
Automated Transaction Monitoring: Uptex utilizes an automated transaction monitoring system, configured with a range of rules, scenarios, and thresholds tailored to our business and risk appetite. (We have integrated advanced RegTech solutions, including Sumsub's AML transaction monitoring software, to assist in this process.) This system processes all account and transaction data in real time and in daily batch mode to flag transactions or patterns of activity that may indicate money laundering, terrorist financing, fraud, or other suspicious behavior. Examples of scenarios that our system is designed to detect include: large, rapid movements of funds into and out of an account (potential layering of illicit funds), multiple smaller transactions structured just below reporting thresholds ("smurfing"), unusual patterns of trading in a securities account inconsistent with normal investment strategies, or transfers to/from high-risk jurisdictions without an apparent legitimate reason. When the system flags a transaction or pattern, it generates an alert for further review by compliance staff. The rules in the system are reviewed regularly and adjusted based on new typologies and lessons learned (to maintain effectiveness and minimize false positives).
Real-Time Screening of Transactions: All transactions processed by Uptex - whether outgoing payments, incoming receipts, or internal transfers - are subject to real-time sanctions and watchlist screening. This means the names of senders and receivers, as well as any relevant payment details, are automatically screened against up-to-date sanctions lists (UN, OFAC, EU, UK, and any applicable Canadian or local lists) and other watchlists (e.g. known terrorist entities, persons of interest) as the transaction is occurring. If a match or near-match to a listed person or entity is detected, the system will automatically pause or block the transaction pending investigation. Additionally, certain high-risk geographies or banks may be pre-coded into our system with rules to either block or flag transactions involving those jurisdictions for manual review. This transaction screening component ensures we do not process prohibited transactions and that any potential sanctions issues are caught immediately.
Manual Review and Investigations: Alerts generated by the monitoring systems are routed to Uptex's compliance investigations team (analysts in the AML/CFT compliance function). These analysts review each alert using a case management process. The review involves examining the transaction details and the customer's profile and history to determine if the activity can be explained by known legitimate behavior or if it is truly anomalous. Often, analysts may reach out internally (e.g., to a relationship manager or the customer service team) for any additional context, or externally check public information (such as adverse media reports about the customer) to aid their assessment. Many alerts will be deemed "false positives" or normal business activity once reviewed in context. Such alerts are closed with an explanation recorded. However, if an alert cannot be reasonably explained and suspicion remains that the activity could be illicit, the matter is escalated immediately to the MLRO for potential reporting to authorities (see Suspicious Transaction Reporting below). The MLRO will make the final determination on filing an STR. All alert investigations are documented in our case management system, creating an audit trail of what was reviewed and the conclusion.
Integration with Customer Risk Profiles: Our monitoring program is closely integrated with our customer due diligence information and risk scoring. When reviewing alerts, analysts consider the customer's risk rating and KYC details (e.g. stated source of funds, expected activity, business type). If a customer accumulates multiple unresolved red flags or if new information suggests higher risk (for example, a media report linking the person to a corruption scandal), Uptex will reassess the customer's risk level and may upgrade it to high risk. This would trigger enhanced due diligence measures (as described in the EDD section) such as a request for updated information, increased monitoring, or involving senior management for decisions on retaining the client. In essence, monitoring is not done in isolation - it's part of a feedback loop where identified issues feed into a customer's profile, ensuring our view of the customer's risk is continuously updated.
Examples of Unusual Activities: To ensure our staff are aware of red flags, Uptex has defined examples of activities that often signal potential money laundering or terrorist financing. Some examples include: a personal account being used for heavy business transactions or large third-party payments (potentially commingling illicit funds in what is supposed to be a personal account); sudden spikes in account activity or incoming funds followed by quick withdrawals or transfers (especially if inconsistent with the customer's profile); multiple individuals sending funds to the same beneficiary, or one individual sending to many beneficiaries (possibly indicative of funnel accounts or mule activity); transactions involving counterparties in countries known for drug trafficking, terrorism, or tax havens that have no obvious business tie to the customer; and clients attempting to evade reporting thresholds by breaking transactions into smaller amounts. These examples (among many others) are covered in training and built into our monitoring scenarios. Whenever such patterns are observed, they are treated with suspicion and thoroughly investigated by compliance.
Record-Keeping of Alerts and Investigations: Uptex maintains detailed records of all alerts triggered and the subsequent investigations and dispositions of those alerts. For every alert, whether it is cleared as a false positive or escalated as suspicious, our compliance team documents the rationale for the decision. If an alert leads to an STR filing, the fact of that filing (and the report itself) is kept confidentially on file. These records are critical for internal audit and regulatory examination purposes, as they demonstrate our vigilance and the decisions made. We retain alert and case records in accordance with our record-keeping policy (typically at least 10 years). Through this documentation, we ensure accountability and the ability to review past decisions for consistency and lessons learned.
Suspicious Transaction Reporting (STR)
In line with both Omani and Canadian law, Uptex promptly reports any suspicious activity or transaction to the appropriate authorities, as failure to do so can facilitate criminal activity and expose the bank to legal penalties. A suspicious transaction is any completed or attempted transaction, or any behavior, that gives rise to reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing, or any other violation of law. Key points of our STR process and obligations include:
Criteria for Suspicion: Staff are trained to be alert to numerous red flags that could trigger a suspicion. These include, but are not limited to: transactions that are inconsistent with a customer's known legitimate purpose or profile and for which no plausible explanation is provided; efforts to avoid reporting thresholds (structuring of deposits or transfers just below reportable amounts); complex or rapid movement of funds between accounts or across borders with no clear business rationale; the involvement of a customer or counterparty who is a known subject of adverse media or is on a sanctions/terrorist watchlist; any use of the bank's services that appears to be for hiding the origin or destination of funds; or transactions linked to jurisdictions known for high crime, sanctions evasion, or terrorism. Even relatively small transactions will be considered suspicious and reportable if linked to terrorism or if they show indicators of money laundering schemes. Both Omani and Canadian regulations emphasize that institutions should err on the side of reporting if in doubt.
No Threshold for STR Filing: There is no minimum monetary amount for reporting a suspicious transaction. Unlike certain other reports (like cash transaction reports) that have specific dollar thresholds, a Suspicious Transaction Report must be filed regardless of the transaction value if suspicion exists. Uptex strictly follows this principle: the moment we have reasonable grounds to suspect, we will prepare an STR. Moreover, our employees are instructed that the legal obligation is to report all suspicions; they should never refrain from reporting because an amount is low or because they think law enforcement might not be interested. This policy aligns with Article 18 of Oman's AML law and FINTRAC guidelines in Canada, both of which prohibit any "threshold exemption" for suspicious reporting.
Internal Escalation Procedure: When an employee identifies unusual activity that they suspect may be linked to illicit behavior, they must promptly escalate it to the MLRO through an internal reporting mechanism (often called a suspicious activity report or SAR internally). We have clear procedures and channels (secure email or case management system) for staff to report their suspicions confidentially to the MLRO's office. Upon receiving an internal report, the MLRO (and his/her investigative staff) will review the details and may gather additional information, such as transaction records, KYC files, and any open-source intelligence on the subject. This internal review is done on a priority basis. If the MLRO's evaluation concludes that reasonable grounds for suspicion exist, the MLRO will approve the filing of an official Suspicious Transaction Report to the relevant Financial Intelligence Unit (FIU). In Oman, STRs are filed with the National Centre for Financial Information (NCFI), and in Canada, STRs are filed electronically with FINTRAC. The reports contain all required details of the customer, transactions, and the nature of suspicion, accompanied by any supporting documentation. Uptex ensures that STRs are filed as soon as possible after determining a suspicion, in accordance with the timelines set by local law (immediately in Oman, and promptly - generally within 30 days of detection - in Canada).
Prohibition on "Tipping Off": All STR filings are handled with strict confidentiality. It is against the law in both Oman and Canada for anyone - including bank staff - to inform ("tip off") a customer or any unauthorized party that a suspicious transaction report has been made or that their activities are under investigation. Uptex employees are regularly trained and reminded of this obligation. Any breach of confidentiality or tipping off is considered a serious offense and is grounds for disciplinary action, up to and including termination, and could result in legal penalties for the individuals involved. To support this, STR-related documents and discussions are segregated from regular customer service files, and information is shared strictly on a need-to-know basis within the bank. We take care that even during the escalation and inquiry process, staff handle the matter in a way that does not arouse the customer's suspicion (for example, not suddenly blocking an account without a lawful basis or not asking the customer leading questions that hint at an investigation).
Cooperation with Authorities: Uptex cooperates fully with financial intelligence units and law enforcement agencies in both Oman and Canada. Once an STR is filed, we stand ready to provide additional information or clarification to the FIU if requested. In Oman, we promptly respond to any queries or orders from the NCFI, and in Canada, we likewise respond to FINTRAC requests or, if law enforcement takes over an investigation, to police warrants and orders. If authorities issue a monitoring or freeze order on an account as part of an investigation, we comply immediately, within the confines of the law. Uptex does not impede or delay official investigations. We also recognize that FIUs share information internationally (for instance, NCFI and FINTRAC are members of the Egmont Group of FIUs), so the quality and completeness of our STRs are important in assisting global efforts. Where legally permitted, we may also share information with other institutions or authorities as part of established information-sharing programs to combat financial crime (e.g., Section 314(b) in the US, or similar mechanisms, if applicable and with proper safeguards), but always in compliance with privacy laws.
Post-Reporting Actions: Filing an STR does not end our responsibilities toward the customer or the account. After reporting, the MLRO will consider what, if any, further actions the bank should take with respect to that client relationship. Enhanced monitoring on the customer's transactions will continue. The account may be temporarily flagged to prevent large outflows (subject to not tipping off) or subjected to additional controls. The MLRO, in consultation with senior management, will evaluate whether to restrict services or eventually terminate the customer relationship in order to mitigate risk to the bank - while balancing the need to avoid tipping off. Any decision to exit a client after an STR is made carefully (often after seeking guidance from the authorities, since sometimes law enforcement may prefer the account remain open under monitoring). All post-STR decisions and actions are documented.
Other Mandatory Reports: In addition to STRs, Uptex complies with all other transaction reporting obligations in the jurisdictions we operate. For example, Oman requires the filing of Cash Transaction Reports (CTRs) with the CBO/NCFI for any cash deposits or withdrawals that exceed a certain threshold (currently OMR 6,000). In practice, as a digital bank, Uptex handles very little physical cash directly; however, if a customer were to deposit or withdraw cash via any partner facility above the threshold, we would ensure a CTR is filed. Likewise, in Canada, Uptex (as an MSB) must file Large Cash Transaction Reports for any receipt of cash of CAD 10,000 or more (whether in one transaction or multiple within 24 hours), and Large Virtual/Electronic Funds Transfer Reports for incoming or outgoing electronic funds transfers of CAD 10,000 or more to or from Canada in a single transaction or in smaller amounts that aggregate to that amount in 24 hours. Uptex's systems are configured to detect such large transactions and aggregate multiple related transactions, and we file the required reports to FINTRAC within the mandated timeframes. All such threshold-based reports are made in addition to any suspicious reports (i.e., we will file an STR for suspicious activity regardless of amount, and also file threshold reports irrespective of suspicion, as required).
Sanctions Compliance and Asset Freezing
Uptex is fully committed to complying with all applicable economic sanctions laws and regulations to prevent our institution from being used for terrorist financing, proliferation of weapons of mass destruction, or other illicit purposes. Both Oman and Canada impose binding sanctions requirements (primarily implementing United Nations Security Council resolutions, as well as their own national sanctions regimes), and Uptex adheres to the strictest standard applicable. Our sanctions compliance framework includes the following measures:
Sanctions Screening (Customers and Counterparties): Uptex screens all new and existing customers against relevant sanctions lists. During onboarding, every customer's name (and for entities, key principals and UBOs) is checked against the consolidated United Nations Security Council sanctions list. In addition, to ensure comprehensive coverage, we screen against major international sanctions lists such as the U.S. Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list, the European Union and UK sanctions lists, and any specific lists mandated by Omani or Canadian authorities. This screening is not a one-time event; our system routinely (at least daily, or in real-time when updates are available) re-screens our customer base against updated sanctions data. If any customer is identified as a positive match to a sanctioned individual or entity, the account opening will be rejected (if still in onboarding) or the existing account will be frozen or terminated as required, and a report will be made to the authorities immediately.